Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy
Amazon, Azure and SaaS are already on everyone's mind. When your data center workloads move to cloud, is your corporate backhaul the most efficient way to get to the applications? The migration of applications from the data center to the cloud is forcing organizations to rethink their branch network and security architectures to enable local internet breakouts. What are the challenges of local breakouts and the hybrid branch?
Join this webcast to discuss considerations for securely moving your branch workloads to the cloud to enable a better user experience, manage costs, and reduce risk.
Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various of open-source materials and methods that have been successfully used to address each of those challenges.
In this webinar, we will take a look at ISO/IEC 19086 which is an international standard for cloud service level agreements (SLAs). Specifically, we’ll discuss the impetus for establishing the standard in the first place, the scope of the work, organization of the parts, key elements and putting the standard to work. 19086 does not prescribe a template for SLAs but rather provides elements to consider when negotiating and drafting SLAs. 19086 introduces Service Qualitative Objective (SQO) as a new term and we’ll discuss the relationship between SQOs and the more traditional SLO (Service Level Objective). We’ll also discuss the relationship between SLAs and cloud service agreements (CSA) and other documents that can be part of a CSA.
Many companies rely on staticpoint-in-time security assessments to measure the cybersecurity health of their enterprise and vendor ecosystem. This approach is quickly becoming obsolete in today’s dynamic cyber threat landscape, fraught with increasingly sophisticated adversaries deploying malicious tactics to compromise your data. Continuous data-driven monitoring of security in your organization and in every vendor organization with access to your IT infrastructure is the only strategy that will keep you one step ahead of the bad guys.
This webinar will outline how you can gain an outside-in, data-driven view of the security posture of your IT infrastructure to:
- Empower your team with granular analytics capabilities as well as comprehensive visibility of your network and system vulnerabilities -- all from a hacker’s perspective.
- Enable your organization to monitor the the cybersecurity health of any third party/vendor organizations
- Uncover predictive breach capabilities
- Prioritize areas in which organizations can apply focus to meet regulatory compliance and standards requirements
From the Uber data leakage incident to cases where photographs of young or vulnerable people are stolen and misused on inappropriate websites, there is a fundamental gap: the lack of users' control over their data once it is uploaded onto the Internet. This talk introduces some of the key challenges and scientific trends in returning data control to cloud users, and how STRATUS (https://stratus.org.nz), a 6-year NZD12.23 mil (incl. GST) MBIE-funded cloud security research project, is addressing these gaps. The talk will also cover some of the Cloud Security Alliance's contributions to the STRATUS project.
Organizations have difficulties handling security auditing and compliance that can be scaled across many teams with varying infrastructure. Adobe found themselves in the same situation and in need of a tool that could provide a window into the complexities of their infrastructure. As a result HubbleStack was developed -- a free open source project.
Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives a window into the complexities of your infrastructure. It includes components for information gathering, file integrity monitoring, auditing, and reporting. This webcast you learn:
- Detail on the HubbleStack project
- How Adobe has made use of it across all of its cloud services
- How you can get and try out HubbleStack for yourself
- How you can help us move HubbleStack forward
- How you and others can contribute to the development of Hubblestack
The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear:
- 5 key architectural requirements your cloud security strategy can’t live without.
- What core building blocks you need to enable and secure your users and apps
- Learn how leading enterprises are transforming their security to cloud
Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share.
At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University.
For more questions about Zscaler, go to www.zscaler.com
A secure product lifecycle (SPLC) is integral to ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams.
In this webinar, Julia Knecht and Taylor Lobb – Managers, Security & Privacy Architecture at Adobe, will explain how a team of just two security pros helped roll out a successful SPLC program that has scaled to support thousands of engineers by leveraging automation and establishing security ambassadors (champions) within the product engineering teams.
Defining security requirements and KPIs for engineering teams is just the first step in creating the SPLC. In order to make the design a reality for several products, thousands of engineers, and millions of lines of code, Adobe’s team was organized into an “as a service” model and utilized automation to scale to meet this demand. Establishing a strong security ambassador program helped ensure the success of the SPLC. The centralized ambassador network has been crucial to the success all product security initiatives throughout the business unit.
You’ll walk away with on-the-ground knowledge you can use to establish an effective SPLC in your own organization by establishing and utilizing security ambassadors and providing seamless automation to support these key initiatives.
Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.
As a cloud customer, vendor, security auditor or regulator, you may have been involved with ensuring security in the cloud. Although numerous standards, regulations, and controls frameworks exist to ensure compliance with security best practices, a harmonized and cloud-focused guidance can be quite valuable. In this webinar, we will explore how the CSA Cloud Controls Matrix (CCM) framework provides organizations with such a harmonized guidance and needed structure relating to information security tailored to the cloud industry. We will also discuss how the CCM addresses assurance of legal and interoperability aspects of the cloud.